How to make your site HTTPS-only
The Internet continues to become more secure as an increasing number of websites adopt HTTPS, the encrypted version of HTTP. Mozilla reported that over 50% of Firefox requests were made using HTTPS in 2016. Enabling HTTPS offers numerous benefits such as improved performance with HTTP/2, SEO advantages for search engines like Google, and a lock icon in the address bar indicating security. Cloudflare provides free and automatic HTTPS support for all customers, requiring no configuration. To ensure all visitors are protected, websites should be made HTTPS-only by redirecting them from the HTTP to the HTTPS version of the site. This can be done with a simple click in the Cloudflare dashboard or through an API. Once the site is fully functional with HTTPS-only enabled, users can take additional steps such as enabling HTTP Strict Transport Security (HSTS) and securing the connection between Cloudflare and their origin server using Cloudflare's Origin CA to get a free certificate for their origin server.
Company
Cloudflare
Date published
July 6, 2017
Author(s)
Nick Sullivan
Word count
443
Hacker News points
None found.
Language
English